
Domain controller virtualization continues to spark debate

Less than two months ago, we posted an article by Microsoft MVP Gary Olsen on the topic of domain controller virtualization. The article was actually a follow-up to something he wrote way back in 2006, where he pondered if virtualizing DCs was really a good idea.

At the time of the first article (which predates Hyper-V), questions about I/O bottlenecks, security and even Microsoft’s questionable support of DC virtualization made the whole concept seem somewhat dicey. The recommendation was that while it was possible (Microsoft did have “how to” documentation, after all), virtual domain controllers should really only be implemented on a limited, non-critical basis.

Obviously, virtualization is a lot more popular today than it was back then, and continued technological advances have made it arguably the driving force in today’s IT market. So of course everyone is in agreement when it comes to virtualizing DCs now, right? Wrong.

I was reading a thread recently on the subject, and the debate is as heated as ever before. People were basically falling into three camps:

The Pros
Those who think domain controller virtualization is a great idea. (Not good, mind you, great.) The one opinion these folks seem to share is the importance of following the recommended best practices to a T. Not virtualizing all of your DCs and leaving some physical is also a common suggestion, though not something everyone finds necessary. (I believe Microsoft recommends two physical DCs per domain.)

The Cons
These are the people who simply say, “Thanks, but no thanks.” Their questions about security, backups and high availability abound, or they find the planning/configuration process too much.

The Others
The last camp is made up of people who are all for domain controller virtualization, but can’t seem to agree on the right way to do it:

“Don’t keep all your virtual DCs on the same host machine!”
“No way, that defeats the whole point!”

“Don’t virtualize FSMO roles!”
“Why the heck not?”

You get the idea. One thing that’s clear is that DC virtualization is getting more popular. But while those who have done it successfully appear set to never look back, others remain reluctant to take the plunge.

What are your thoughts on domain controller virtualization? Do you fall in the pros or the cons camp? Share your thoughts in the comment section below.

For more information on virtualization, Active Directory and more, visit


I personally think it depends on the size and needs of your organization. If you have many different remote offices or co-locations, a virtual DC can be a good thing. As long as you have the backup DC local, you're pretty much covered both ways. If you lose your ISP connection, you still have the backup domain controller to allow authentication and other server services. If your backup goes down or you have server room issues, i.e. a power outage etc., you should be able to have a high availability solution that can allow for your local server room to go down while you are still up in production from your virtual DC and servers at the data center. It can be a win-win situation. Except for when you're a smaller company and the cost of ownership of a virtual environment raises your IT budget tenfold. Then maybe it is not a good idea to even go with the virtualization infrastructure.
2 of our 5 DCs are virtual. I still have not seen clear reasons, except for caution, not to implement virtual DCs. For me, working in a company with weak facilities, where disaster might strike, and in fact it has struck in the past, I believe it is a great relief to know that you can restore from backup in minutes and have a DC to recreate your whole domain, without fear of problems restoring to a physical machine, which may have to be different from the original. So far, so good, no noticeable problems running both virtual and physical... OK, just for caution, until experience confirms it, my FSMO roles are on the physical machines.
Well, I have virtualized DCs for companies ranging in size from an 8000 user base (43000 objects) to a 120,000 user base (250,000 objects) spanning over 130 countries across the world, using both VMware and MS Hyper-V. Virtualizing the DCs gives more flexibility, reduced cost and a better DR plan. It gave my design such robust continuity that I was tempted not to include backup, but I did. With virtualization, I was able to automate most tasks. For example, in the event of power loss, I could set the order in which I want my servers to start up, like the DCs before any other servers, without manual intervention (can't achieve that on physical servers). Then there is also the high availability provided by virtualization and DRS. When it comes to timing issues that are experienced due to lapses on the host machine, all DCs relied on the same external time source. This is a tried and tested design and I have been implementing such since 2006. My clients with totally virtualized DCs include the biggest bank in the world, one of the biggest electronics companies in Europe (specifically Holland), and the biggest travel and money exchange company, to name a few. I do not understand people's argument except for lack of knowledge or laziness.